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DESCRIPTION 

MPEG-21 Digital Content Protection System 

TECHNICAL FIELD 

The present invention relates to Digital Eights Management (DRM) or 
Intellectual Property Management and Protection (IPMP) for a generic digital 
content, especially relates to the protection and management of a digital content 
independent of any data format. 

BACKGROUND ART 

As various kinds of network are widely deployed, it will be demanded that 
digital content can be dehvered and distributed to user via such network besides 
using CD, DVD. The corresponding issue is raised by content owner. Is it secure to 
sell their content in this way? 

As hard disk or other storage embedded device become more and more, 
another issue is that how the content protection technique can ensiire the entitled 
rights to be exercised correctly. 

As many different digital formats exist to use for packaging content in 
digital form for easy transmitting over various network, question arises as how 
the protection technology can be cross-used among different digital formats. 

At the same time users have more demands on the convenience with low 
cost for enjo5dng content, even sharing with their friends if they purchase such 
rights, to have rich user experience. 

Conflict is always there since content owner cares for any illegal copy so 
that content providers are trjdng to protect content in their own proprietary ways 
due to lacking of the open protection techniques in the market at that time. 




This not only brings a big barrier for content owner to sell content, but also brings 
a heavy cost for CE (consumer electronics) manufecturers to produce dijBFerent 
versions of the product just for matching with various protection techniques which 
5 content provider use. 

MPEG-21 is trjdng to define a generic firamework to enable transparent 
and augmented use of digital content across a wide range of networks and 
devices used by different communities. How to protect the contents when they 
are being used across network or devices, becomes a very important item in 

10 MPEG-21, which is the part 4 of MPEG-21, caUed MPEG-21 IPMP (InteUectual 
Property Management and Protection) 

In the past, people working on MPEG-4/2 IPMP Extension were 
required to define a content protection scheme based on MPEG-4/2 system since 
the aim is to protect any content if they are packaged in MPEG-4/2 format. 

15 In MPEG-21, a Digital Item (DI) is defined as a structured digital object 

for any digital content with a standard representation, identification and 
description, and it will be used as the fundamental unit of interchange, 
distribution and transaction within MPEG-21 fi^amework. 

The Digital Item is declared and expressed using XML by Digital Item 

20 Declaration (DID). Besides a digital content which is represented as media 
resources in MPEG-21, such as video, music, image, the DID provides the 
flexible structiu-e to include various kinds of fimctional metadata. Such 
metadata is supposed to describe media resource format, to specify resource 
protection scheme, to give the resource an identification name, to provide User 

25 preference, etc. 

Besides the core part of DID technology, some other key technologies 
have also been elaborately developed or are under development. Digital Item 
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Identification (DID, Digital Item Adaptation (DIA), Intellectual Property 
Manageiment and Protection (IPMP), REL (Rights Expression Language)/RDD 
(Rights Data Dictionary), as well as ER (Event Reporting) are all the important 
technologies for extensively exploiting the Digital Items' usage. All the 
5 functional metadata defined by these technologies can be placed into a DID 
document to aid the actual media resource consumption. 

A content protection and management mechanism is highly requested to 
address most of the requirements raised by many different apphcation domains, 
especially in the scope of MPEG-21 domain, to reflect the market needs. 
10 The requirements on MPEG-21 IPMP are the problems to be targeted 

and solved here. 

IPMP, especially MPEG-21 IPMP shall support the management and 
protection of intellectual property in descriptors and description schemes. 

IPMP, especially MPEG-21 IPMP shall provide for interoperabihty so 
15 that content is able to be played anywhere. 

IPMP, especially MPEG-21 IPMP should enable devices to dynamically 
discover, request, and obtain upgrades for supporting new media formats, IPMP 
tools and support. 

IPMP, especially MPEG-21 IPMP shall provide mechanisms to reference 
20 Digital Item Descriptions as part of the language, make reference to external 
content descriptions. 

IPMP, especially MPEG-21 IPMP shall provide mechanisms to associate 
Expressions with composite Digital Items. 

IPMP, especially MPEG-21 IPMP shall provide mechanisms to reference 
25 Containers or other aggregations of Digital Items. 

IPMP, especially MPEG-21 IPMP should flag that a particxdar 
Expression should be subject to protection. The protection itself (if any) is 
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provided by an IPMP system controlling the Expression as a Digital Item. 

IPMP, especially MPEG- 21 IPMP shall provide mechanisms to reference 
authentication schemes. 

IPMP, especially MPEG-21 IPMP shall provide mechanisms to ensure 
5 that the IPMP is independent of the format or delivery chaimel of Digital Items. 

IPMP, especially MPEG-21 IPMP shall imambiguously articulate 
requirements relating to IPMP Tool and Features. 

IPMP, especiaUy MPEG-21 IPMP shaU need to identify IPMP Ibols and 
Features to build trusted IPMP implementations. 
10 IPMP Ibols and Features are components parts to build an 

IPMP -enabled Terminal or Peer. It should also possible for a Terminal or Peer 
to disclose its IPMP capabihty (IPMP Tools and Features). This makes it 
possible for a communicating Terminal or Peer to examine IPMP capability of 
another Terminal or Peer before deciding to engage with it. 

15 

DISCLOSURE OF THE INVENTION 

Methods of Digital Content Protection with Digital Rights Expression, 
comprising the following steps of 

Parsing a digital content description, especiaUy parsing a DID (Digital 
20 Item Declaration) in MPEG-21 scope; 

Retrieving a digital content identifier (content ID) which is used to 
identify the said digital content, especiaUy a DII in MPEG-21 scope, or sub 
content identifier; 

Detecting a rights and protection description holder which contains 
25 rights and protection information applied to the said digital content with the 
corresponding content ID, and here the holder caUed IPMP (InteUectual 
Property Management and Protection) Control Graph Holder or REL (Rights 



Expression Language) IPMP Control Graph holder? 

Retrieving a flag from the said holder which indicates if the said content 
is protected or belongs to free content; 

Processing the description information carried in the said IPMP Control 
5 Graph or REL IPMP Control Graph; 

Checking if rights descriptions or other metadata description is digital 
signed by retrieving a flag which is attached to the said rights or other 
metadata; and if it is signed, preparing the corresponding digital signing tool 
which is indicated by TbolID; 
10 Retrieving a key Ucense from a protected License Manager; 

Checking the integrity of the said rights or metadata using the said 
digital signing tool; 

Parsing the said rights with their conditions following the rules which is 
pre-defined, especially following REL rules which is defined in MPEG-21 scope, 
15 and storing the said entitled rights and conditions in a buffer for future 
checking; 

Checking if the said content is encrypted by retrieving a flag which is 
attached to the said content; and if it is encrypted, preparing the corresponding 
encryption tool which is indicated by TbolID; 
20 Un-protecting the said encr3T)ted content using the said encryption tool 

with the said TbolID, and other information; 

Checking if the said content is watermarked by retrieving a flag which 
is attached to the said content; and if it is watermarked, preparing the 
corresponding watermarking tool which is indicated by ToolID for further 
25 action; 

Processing user's request against the said entitled rights and conditions 
stored in the buffer; 
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Exercising the rights requested by the said user if it is entitled, and 
Acting on the said un-protected content for playing, rendering, 
recording, modifying, deleting, adapting, etc, 

5 BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 shows a Prior Art" DID Structure with Possible Protection 
Information Included. 

Figure 2 shows a Prior Art: MPEG-21 IPMP Architecture. 
Figure 3 shows Content Packaging Flow Chart with separate Rights & 
10 Protection. 

Figure 4 shows Terminal Processing Flow Chart for Protected & 
Packaged Content with IPMP Control Graph Information. 

Figure 5 shows Content Packaging Flow Chart with mixed Rights & 
Protection. 

15 Figure 6 shows Terminal Processing Flow Chart for Protected & 

Packaged Content with REL-IPMP Control Graph Information. 

Figure 7 shows IPMP Control Graph for Rights & Protection 
Information Carried in DID. 

Figure 8 shows IPMP Architecture with IPMP Control Graph Processed. 
20 Figure 9 shows IPMP Architecture with REL-IPMP Control Graph 

Processed. 

Figxire 10 shows Layout of Rights and Protection in REL-IPMP Control 

Graph. 



25 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 



(Means of Solving the Problems) 

On the content packaging side: 

By introducing the concept of IPMP Control Graph to refer to edl the 
rights and protection information which is directly associated with the content 
5 By defining IPMP Control Graph or REL-IPMP Control Graph as 

protection metadata holder to contain rights and protection information which is 
used to package and protect the content; 

By placing rights & condition in the IPMP Control Graph or REL-IPMP 
Control Graph; 

10 By placing content encr3T>tion information in the IPMP Control Graph or 

REL-IPMP Control Graph; 

By placing watermarking information in the IPMP Control Graph or 
REL-IPMP Control Graph; 

By placing rights protection information in the IPMP Control Graph or 
15 REL-IPMP Control Graph; 

By placing and indicating key information which is used to encrypt 
content in the IPMP Control Graph or REL-IPMP Control Graph; 

By placing key/hcense information in the IPMP Control Graph or 
REL-IPMP Control Graph, or in Rights, DID, or somewhere indicated by 
20 keyLocation; 

By indicating which IPMP Tool is used for encryption, digital signing, 
watermarking with TobUD in the IPMP Control Graph or REL IPMP Control 
Graph; 

By associating rights and protection with the protected digital content or 
25 its sub content using content ID or DII and sub content ID; 

By placing IPMP Control Graph or REL IPMP Control Graph in DID 
container or other appropriate place in other appHcation domains; 
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On the terminal side" 

By parsing DID to retrieve content ID or sub content ID, and IPMP 
Control Graph or REL-IPMP Control Graph; 
5 By parsing IPMP Control Graph or REL IPMP Control Graph to retrieve 

Rights and Protection related descriptions; 

By invoking IPMP tools which are used to protect the content or rights, or 
other metadata; 

By retrieving key information from KeyData Holder directly of indirectly; 
10 By retrieving a key Ucense from a protected License Manager; 

By im-protecting the protected content using the above obtained 
information; 

By checking Rights' integrity using the tool indicated by TooUD; 

By parsing the rights and conditions which are embedded with the 

15 content; 

By retrieving watermarking descriptions and preparing for further 

action; 

(Operation of the Invention) 

On the content production side as shown in Figure 3, IPMP Control 
20 Graph is generated as shown in Figure 7, to contain all the rights and 
protection information which is directly associated with the content identified 
by content Identifier (CID) or DII if MPEG-21 could be used. 

The content could be watermarked using certain watermarking tool to 
achieve certain functions, such as finger printing, persistent association, or 
25 copyright protection by embedding CID or other information. 

The content can be encrjrpted by an IPMP tool with ToolIDXXX, where 
XXX is the number which is registered with RA (Registration Authority), to 
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indicate which encryption algorithm is used. A default tool such as AES is 
defined for simple hardware to implement. The resulted Key information could 
be carried in IPMP Control Graph directly or by pointing to a location where 
the whole Key information data could be found. The encryption key can be 
5 further encrypted and finally a hcense could be generated and directly carried 
in either IPMP Control Graph, in REL data or other Rights Expression Data, or 
in DID itself, or in somewhere which can be indicated by KeyLocation indicator 
to be carried in IPMP Control Graph/REL/DID; 

However the segments of key information would also possibly be 

10 packaged together with the associated content segments when the protected 
content is transmitted via network for synchronization purpose. 

Rights can be expressed by an independent and existing technology 
standard such as REL defined in MPEG-21 or other Rights Expression methods, 
and such rights could be protected by digital signature for its integrity; 

15 On the content consumption side as shown in Figure 4, a packaged 

content with rights and protection information is subjected to IPMP Control 
Graph parsing, from there it can be known if the content is protected and 
furthermore to determine whether the content is encrypted, watermarked, or 
rights is protected as well; 

20 The corresponding protection tools would be invoked and acted on the 

protected object, the tools can be those normative tools defined by MPEG-21 
standard and hence installed in the device, or the tools can be proprietary and 
identified by tool IDs which can be downloaded from a remote location; 

Tool is identified by a registered Tool ID, which is a flag to tell terminal 

25 or device to prepare the corresponding tool or locate the tool beforehand; 

The key information is retrieved fi-om KeyData Holder defined and 
carried in IPMP Control Graph directly or indirectly, and it would also possibly 
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be obtained in segment with the corresponding content segment to be protected 
if the content is distributed through network. 

The hcense information can be obtained from License Manager which 
could be a temper resistant entity to prevent any disclosure of how a hcense is 
5 retrieved by a hcense manager. 

Rights and content is un-protected by using the above key, key data, and 
protection tool. Rights is fiirther parsed by Rights Parser to obtain the rights 
and conditions in clear form, so that the rights and conditions processing can be 
conducted. 

10 Therefore the un-protected content can be played back, rendered, 

modified, deleted, or adapted if there is such rights entitled for the user; 

(EXEMPLARY EMBODIMENT) 

As shown in Figure 1 for the prior art [see reference 1 and 2], a digital 
15 content is packaged by DID with possible protection associated. 
(REFERENCE 1, 2) 

[1] "ISO/IEC 21000-2 MPEG-21 Digital Item Declaration FDIS", ISO/IEC JTCl 
SC29/WG11/N4813, May 2002 

[2] Patent on "Apparatus of a MPEG-21 System", inventors^ Zhongyang Huang, 
20 Ming Ji, Shengmei Shen, Taka Senoh, Takuyo Kogure, Takafumi Ueno with 

internal patent number PatOl.028, filed in Japan in Feb.2002. 

The DID has defined a useful model (unit 1.1 in Figure l) formed by a 

set of abstract terms and concepts such as Container, Item, Component, Anchor, 

Descriptor, Condition, Choice, Selection, Annotation, Assertion, Resource, 
25 Fragment, Statement, etc (e.g. shown in Figiire 1 unit 1.6, 1.7, 1.8) for defining 

Digital Items. 

ModxUe 1.2 shown in Figure 1 is the overall IPMP Control Information 
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used for all the items to be protected inside this container. Module 1.3 and 1.4 
are the specific protection information which is associated to the protected 
content. Module 1.5 is the DII to indicate the content ID. 

The further improvements over the Prior Art are- 
5 Since DID is to address static relation among each elements and it can 

be treated as file format, rights and protection information can be directly 
associated to its protected content as IPMP_Control_Graph, shown in Figure 3. 

On the other hand, key information can be carried firom KeyData 
Holder in IPMP_Control_Graph directly or indirectly. It cotdd also be 
10 segmented when the content is dehvered via network. 

Rights which might be encrypted is carried separately or together with 
protection information. 

Another Prior Art is shown in Figure 2 [see reference 3] for MPEG-21 
IPMP Architecture. 
15 (REFERENCE 3) 

[3] "MPEG-21 Architecture, Scenarios and IPMP Requirements", ISO/IEC JTCl 
SC29AVG11/N5874, July 2003 

The Rights Expression Language (REL) Engine in module 2.1 is the 
component that determines REL authorizations, giyen an authorization request 
20 and a set of Ucenses and root grants. The REL Engine uses the License 
Manager to help resolve authorization queries. 

The Digital Item Manager in modxile 2.2 parses Digital Item 
Declarations within Digital Items. The Digital Item Manager also provides 
access to where the Digital Items are, and creates Digital Item iNstances in 
25 modide 2.3. The Digital Item Manager passes to the License Manager any 
Licenses that are embedded within Digital Item Declarations. 

The Digital Item iNstance in module 2.3 represents a Digital Item 
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within a Trusted Domain. The Digital Item iNstance contains local metadata 
about the Digital Item, such as storage location and possibly information about 
content encryption keys. 

The License Manager in modiile 2.4 supports the REL Engine by 
5 managing the persistent state of Licenses and their authorization or revocation 
status. The License Manager is also responsible for verifying the integrity of 
Licenses. 

The Condition Processor in modvde 2.5 selects, evaluates and fulfills 
Conditions, and initiates the execution of authorized Operations (via the DIP 

10 Processor, generating a Right Exercise) once conditions are satisfied. 

The IPMP User Session Manager in module 2.6 orchestrates the 
invocation of Digital Item Operations (via the Condition Evaluator), first 
making sure that proper authorization is obtained (via the REL Engine) and 
that conditions are evaluated (via the Condition Evaluator). 

15 A Right Exercise in module 2.7 is a record of having exercised a right, 

i.e., the invocation of a Digital Item Operation. It is maintained by the User 
Session Manager, and is used to associate the fulfillment of Conditions with the 
exercise of Rights. 

The Digital Item Processing Engine in modiile 2.8 executes Digital Item 
20 Operations, including Digital Item Methods (DIMs), Digital Item Basic 
Operations (DIBOs) in module 2.9, and Digital Item eXtended Operations 
(DIXOs) in module 2.10. The DIMs are executed by a DIM Engine, the DIXOs 
by a DIXO Engine, and the DIBOs by a DIBO Library. The Digital Item 
Processing Engine updates the User Session State with process state 
25 information. 

The big issue with Figure 2 is that there is no protection information to 
be processed, interpreted and transferred, especially when content is protected 
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by several tools and rights is also protected using different tools. There is no 
clear picture for people to know how the content is protected and how it should 
be processed. 

The second issue with Figure 2 is that the data flow from License 
5 Manager should not go to REL Engine since the existing REL engine defined in 
MPEG-21 REL only processes rights expression. The output from license 
manager could contain the encryption key which is used to decrypt the content 
controlled by an entity which should be IPMP Manager shown in Figure 9. The 
decryption itself can be done in IPMP Ibols, DIP Processor, DIME, or DIBO, or 
10 DIXO. 

The third issue with Figiu-e 2 is that there is no data flow indication to 
indicate where those REL data comes from, for REL Engine to process. Such 
Rights Expression including rights conditions if they are expressed in MPEG-21 
REL format, they could be carried as metadata together with DI in a DID 
15 container, and processed by DI Manager. DI Manager should be changed into 
DID Parser which only parses information by following what DID is defined. 

The better rights and protection is designed based on the two cases. The 
first case is where the existing REL is employed for expressing the 
corresponding rights and conditions and a protection control mechanism is 
20 defined to take care of content protection including encryption, watermarking, 
key management. The second case is where the existing REL is extended by 
adding protection function which coiild include encryption, watermarking, key 
management, etc. 

Both cases are elaborated in the following sections. 



25 
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(Content Packaging and Consumption with Separate Rights and Protection) 

As in Figure 3, it is shown on the content packaging side with rights 
and protection scheme. REL in module 3,8 is the existing rights expression 
language to be used to package the relevant rights with their conditions. Other 
5 parts through 3.3, 3.4, 3.5, 3.6, 3.7, 3.9, 3.11, and 3.13 are the protection related 
functions. The most important part is in module 3.15, which is the IPMP 
Control Graph. It can be carried in DID container in MPEG-21, but it also can 
be carried in other places in different appUcation domains. 

When the content is needed to transmit via network, normally it will be 
10 segmented, encrsrpted and stored as Resource somewhere, and the 
corresponding time -variant key is stored as Key Information in KeyData Holder 
in IPMP Control Graph in module 3.9 directly or indirectly by pointing to a 
location. 

For example when the protected content is transmitted over RTP, IPMP 
15 Control Graph can be carried in SDP (Section Description ProtocoD, while the 
key information can be carried in the RTP header or as special case for video 
and audio packet as long as there is synchronization among time-variant keys 
and the protected video or audio data. 

Module 3.1 is to assign content ID, DII in MPEG-21 could be used here. 
20 If necessary sub content ID can be used and the protection can be associated 
with this sub content ID if the sub content need to be protected. 

Modide 3.2 is to place a flag in IPMP Control Graph to tell if the content 
is protected or free. Module 3.3 is to place a flag in IPMP Control Graph to 
indicate if there is watermarking embedded. 
25 If there is watermarking embedded in the content, module 3.4 will 

assign watermarking (WM) TdoIID for the WM tool used for this case, and 
ToolID is then recorded and placed in IPMP Control Graph. The module 3.5 will 
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create WM Descriptions including watermarking Interface or API related 
information which is placed in IPMP Control Graph. 

Module 3.6 is to determine if the content will be encrypted, and a flag 
for 'Tes/No" will be placed in IPMP Control Graph in module 3.15. 
5 Module 3.9 is to assign encryption ToolID for the encryption tool used 

for this case, and TbolID is then recorded and placed in IPMP Control Graph. 
The module 3.7 is to place Key information in KeyData Holder directly in IPMP 
Control Graph, or pointing by the Holder to other location. 

The encryption key can be further encrypted in module 3.11, and 3.13, 
10 and the key as a Ucense is eventually placed in IPMP Control Graph, REL, DID, 
or somewhere indicated by KeyLocationl. 

Module 3.8 is to create and package rights with the corresponding 
conditions which conforms to the existing REL standard, and this part could be 
modified and edited by distribution agents in the content distribution value 
15 chain. 

The module 3.10 is to protect the rights metadata by digitally signing 
the rights. Module 3.12 is to assign TdoIID for the verification of the digital 
signature, and module 3.14 is to place the Entity_Key in IPMP Control Graph, 
or in DID, or in somewhere indicated by KeyLocation2. 

20 The detail of module 3.15 is shown in Figure 7 (a) as an example in the 

case of MPEG-21 where XML based approach is used to express IPMP Control 
Graph. A DI (7.2, declared by a DID 7.1) consists of two Items (7.2, 7.3), each of 
which has their identification scheme (7.4, 7.5) with respective attached media 
resource (7.8, 7.9). Module 7.6 shows the IPMP Control Graph mentioned above 

25 and Module 7.7 gives the actual rights expression (conditions and usage rules) 
linked to the resource. 

Figure 4 shows the Terminal Processing Flow Chart to process 
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protection & Packaging Information carried in IPMP Control Graph before a 
protected content coxild be consumed in module 4.18. 

Module 4.1 is to parse DID and IPMP Control Graph information where 
DID parser is required only for the case IPMP Control Graph is carried in DID 
5 in MPEG-21 case. 

In the case of content distribution over RTP network, IPMP Control 
Graph can be retrieved from SDP to obtain rights and protection description 
information except the key information if it is time -variant. 

Module 4.2 is to detect if the content is protected or free. If it is free, it 
10 will be able to play back by module 4.18 for consumption. Otherwise there are 
three branches to go and check in module 4.3, 4.4, and 4.5, respectively. 

Module 4.3 is to detect if the Rights is encrypted, module 4.4 is to detect 
if the content is encrypted, and module 4.5 is to detect if the content is 
watermarked. 

15 If the rights is protected, module 4.6 is to invoke the protection tool with 

ToolID and module 4.7 is to check the integrity of the rights using the tool. If 
the integrity is successfxilly verified in module 4.8, the rights will be sent to 
module 4.9 for parsing the rights by REL Engine which conforms to the existing 
REL standard. 

20 Module 4.11 is to process the rights and conditions attached to the 

content and store the entitled rights and conditions in a buffer. In module 4.19 
those rights requested by the users are subjected to checking against the rights 
and conditions stored in the buffer. 

If there is hcense carried in Rights, module 4.10 is to retrieve Hcense 
25 from License Manager which may be temper resistant (TR) protected. 

If the content is protected and encrypted, module 4.13 is to invoke the 
encryption tool indicated by TooUD carried in IPMP Control Graph, modxile 
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4.14 is to retrieve Key Information, and module 4.12 is to obtaining the key 
license from License Manager. 

License Manager here could be protected by temper resistant technique 
if it is part of the terminal or somewhere in other places, since it will provide 
5 the actual Ucense which the decryption engine will use to im-protect the 
content. 

The encryption tool can be defined as default for most of the terminals 
to use in their implementation, while an IPMP ToolID is provided so that people 
can choose other than default encryption tool in their special domain. If the 

10 platform is allowed to download and use different encryption tool indicated by 
ToolID, it would achieve extensibiUty, flexibihty and renewabiUty at the same 
time we will achieve interoperability across different domains. 

Key Information could be retrieved from different places in the case of 
content dehvery via various networks. This will depend on where you place key 

15 information. If you place them in RTP header, you can get them there, while if 
you place them as other packets like video and audio data, you can get them by 
following the same rules apphed to video and audio. The time-variant key 
information is required to obtain in the same time when you need to decrypt the 
video and audio content. 

20 Module 4.15 is to decrypt the content with the invoked tool, KeyData, 

and License, then passed to module 4.17 for further processing. 

If the content is detected as watermarked in modxile 4.5, the 
watermarking tool with ToolID and its description data including interface will 
be invoked and prepared in module 4.16 for action which is up to user's request. 

25 Finally module 4.17 is to exercise the rights which user is requested 

based on the entitled rights & conditions, and act on the un-protected content 
which is the output of module 4.15. 
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In Figure 4 Temper Resistant is used to protect the function of License 
Manager to provide license, Rights & Condition Processing to prepare the rights, 
even content decryption for obtaining un-protected content. 

Figure 8 shows a modified IPMP Architecture with REL and IPMP 
5 Control Graph separately processed. Compared to the Rights and Protection 
(IPMP Related) functions in Figure 4 and Figure 8, it is clear that there are 
many IPMP related functions missing in the prior art of Figure 2. Only the 
blocks in blue color in Figure 4 which are the module 4.9 for REL Engine, 
modvile 4.10 and 4.12 for License Manager, and modvde 4.11 for Conditions 
10 Processing, are introduced in the prior art as shown in Figxire 2. Such function 
blocks are module 2.1, module 2.4, and module 2.5 in Figiu-e 2. 

As shown in Figure 8, Module 8.11 is added for parsing and processing 
IPMP Control Graph information, and the corresponding results are passed to 
License Manager in module 8.4, REL related data passed to REL Engine in 
15 module 8.1 after its integrity is checked, and content protection and 
watermarking information passed to DI iNstanace in module 8.3 for further 
processing. 

Decrypting, watermarking, etc. in module 8,12, coidd be conducted in 
module 8.8 if such method is defined in DIME, or in module 8.9 if it is defined 
20 as one function of DIBO, or in module 8.10 if it is an external function. 

The hne 8.14 is shown for the data flow firom IPMP Control Graph 
processing module to REL Engine, and the line 8.15 is shown for the data flow 
firom IPMP Control Graph processing module to NI iNstance. 

The hne 8.16 is shown for the data flow firom License Manager to the 
25 un-protecting block in the module 8.12 for issuing a Ucense. 

Module 8.13 is for Event Reporting Engine which is placed in the same 
trusted domain compared to that in Figure 2. 
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TR means Temper Resistance module to be used to protect License 
Manager operation and Condition Processing Operation. 

Other modules have the similar meaning as explained in Figure 2. 

5 (Content Packaging and Consumption with Mixed Rights and Protection) 

In this case, there is no clear boundary between rights and protection, 
and they are mixed. IPMP Control Graph can be considered as REL-IPMP 
Control Graph. 

Based on the cxurent MPEG-21 REL or other rights expression 
10 language, protection of content as well as indicating for how to protect the 
content is not defined. In this case the existing REL has to be extended to 
support such protection signaling. 

As shown in Figure 5 which is based on Figure 3, Module 5.16 is 
considered as REL + Extension to support content protection signaling by 
15 extending the existing REL standard, and module 5.15 is changed into 
REL-IPMP Control Graph. Modvde 5.8 is the existing REL fimction. 
Other modules have the same functions as explained above. 
As in Figure 5, it is shown on the content packaging side with rights 
and protection scheme. REL in module 5.8 is the existing rights expression 
20 language to be used to package the relevant rights with their conditions. Other 
parts through 5.3, 5.4, 5.5, 5.6, 5.7, 5.9, 5.11, and 5.13 are the protection related 
functions. The most important part is in module 5.15, which is the REL-IPMP 
Control Graph. It is carried in DID container in MPEG-21, but it also can be 
carried in other places when it is used in different appUcation domains. 
25 When the content is needed to transmit via network, normally it will be 

segmented, encrypted and stored as Resource somewhere, and the 
corresponding time-variant key is stored as Key Information in KeyData Holder 
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in REL-IPMP Control Graph in module 5.9 directly or indirectly by pointing to 
a location. 

For example when the protected content is transmitted over RTP, 
REL-IPMP Control Graph can be carried in SDP (Section Description Protocol), 
5 while the key information can be carried in the RTP header or as special case 
for video and audio packet as long as they are synchronized among time -variant 
keys and the protected video or audio data. 

Module 5.1 is to assign content ID, DII in MPEG-21 could be used here. 
Modxile 5.2 is to place a flag in REL-IPMP Control Graph to tell if the content is 
10 protected or free. Module 5.3 is to place a flag in REL-IPMP Control Graph to 
indicate if there is watermarking embedded. 

If there is watermarking embedded in the content, module 5.4 wiU 
assign watermarking (WM) TbolID for the WM tool used for this case, and 
ToolID is then recorded and placed in REL-IPMP Control Graph. The module 
15 5.5 will create WM Descriptions including watermarking Interface or API 
related information which is placed in REL-IPMP Control Graph. 

Module 5.6 is to determine if the content will be encrypted, and a flag 
for *Tes/No" will be placed in REL-IPMP Control Graph in module 5.15. 

Module 5.9 is to assign encryption ToolID for the encr3rption tool used 
20 for this case, and ToolID is then recorded and placed in REL-IPMP Control 
Graph. The module 5.7 is to place Key information in KeyData Holder directly 
in REL-IPMP Control Graph, or pointing by the Holder to other location. 

The encrjTption key can be further encrypted in module 5.11, and 5.13, 
and the key as a Ucense is eventually placed in REL-IPMP Control Graph, REL, 
25 DID, or somewhere indicated by KeyLocationl. 

Module 5.8 is to create and package rights with the corresponding 
conditions which conforms to the existing REL standard, and this part could be 
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modified and edited by distribution agents in the content distribution value 
chain. 

The module 5.10 is to protect the rights metadata by digitally signing 
the rights. Module 5,12 is to assign ToolID for the verification of the digital 
5 signature, and module 5.14 is to place the Entity_Key in REL-IPMP Control 
Graph, or in DID, or in somewhere indicated by KeyLocation2. 

The detail of module 5.15 is shown in Figure 7 (b) as an example in the 
case of MPEG-21 where XML based approach is used to express REL-IPMP 
Control Graph. The figure is similar to Figure 7 (a). It uses REL-IPMP Control 
10 Graph (7.10) to replace 7.6 and 7.7 modules as shown in Figure 7 (a) but act as 
similar function to represent all rights and protection information. 

It can be seen fi-om the Figure 7 (b) that the REL IPMP extension is 
defined here to contain not only rights expression but also protection 
descriptions, and such extension is done on the top of the existing MPEG-21 
15 REL or other Rights expression language since they are originally defined just 
to express rights, conditions, as well as principles and issuers. The ipmpx 
shown in the XML expression in Figure 7 (b) is the part of the extension of REL 
for protection. 

As shown in Figure 6 which is based on Figure 4, Module 6.19 is 
20 considered as REL + Extension to support content protection as well by the 
extended REL, and module 6.9 is the existing REL engine. Module 6.1 is 
changed into REL-IPMP Control Graph, and Module 6.0 is a separate DID 
parser in the case of MPEG-21. 

Other modules are the same fimctions as explained in the above. 
25 In Figure 6 it is shown for the Terminal Processing Flow Chart to 

process protection & Packaging Information carried in REL IPMP Control 
Graph before a protected content could be consumed in module 6.18. 
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Module 6.1 is to parse DID and REL-IPMP Control Graph information 
where DID parser is required only for the case REL-IPMP Control Graph is 
carried in DID in MPEG-21 case. 

In the case of content distribution over RTP network, REL-IPMP 
5 Control Graph can be retrieved jfrom SDP to obtain rights and protection 
description information except the key information if it is time -variant. 

Module 6.2 is to detect if the content is protected or free. If it is free, it 
will be able to play back by module 6.18 for consumption. Otherwise there are 
three branches to go and check in module 6.3, 6.4, and 6.5, respectively. 
10 Module 6.3 is to detect if the Rights is encrypted, module 6.4 is to detect 

if the content is encrypted, and modxile 6.5 is to detect if the content is 
watermarked. 

If the rights is protected, modxile 6.6 is to invoke the protection tool with 
ToolID and module 6.7 is to check the integrity of the rights using the tool. If 
15 the integrity is successfully verified in modide 6.8, the rights will be sent to 
module 6.9 for parsing the rights by REL Engine which conforms to the existing 
REL standard. 

Module 6.11 is to process the rights and conditions attached to the 
content and store the entitled rights and conditions in a buffer. In module 6.19 
20 those rights requested by the users are subjected to checking against the rights 
and conditions stored in the buffer. 

If there is Ucense carried in Rights, modvde 6.10 is to retrieve Ucense 
from License Manager which may be temper resistant (TR) protected. 

If the content is protected and encrypted, module 6.13 is to invoke the 
25 encrj^tion tool indicated by TbolID carried in REL-IPMP Control Graph, . 
module 6.14 is to retrieve Key Information, and module 6.12 is to obtaining the 
key hcense from License Manager. 
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License Manager here could be protected by temper resistant technique 
if it is part of the terminal or somewhere in other places, since it will provide 
the actual Ucense which the decrjrption engine will use to im-protect the 
content. 

5 The encryption tool can be defined as default for most of the terminals 

to use in their implementation, while an IPMP TboUD is provided so that people 
can choose other than default encrjrption tool in their special domain or case. If 
the platform is allowed to download and use different encryption tool indicated 
by TdoIID, it would achieve extensibiUty, flexibiUty and renewabiUty at the 
10 same time we will achieve interoperability across different domains. 

Key Information could be retrieved firom different places in the case of 
content deUvery via various networks. This will depend on where you place key 
information. If you place them in RTP header, you can get them there, while if 
you place them as other packets like video and audio data, you can get them by 
15 following the same rules appUed to video and audio. The time-variant key 
information is required to obtain in the same time when you need to decrypt the 
video and audio content. 

Module 6.15 is to decrypting the content with the invoked tool, KeyData, 
and License, then passed to module 6.17 for further processing. 
20 If the content is detected as watermarked in modxile 6.5, the 

watermarking tool with ToolID and its description data including interface will 
be invoked and prepared in module 6,16 for action which is up to user's request. 

Finally module 6.17 is to exercise the rights which user is requested 
based on the entitled rights & conditions, and act on the un-protected content 
25 which is the output of module 6.15. 

In Figure 6 Temper Resistant is used to protect the functioning of 
License Manager to provide license, Rights & Condition Processing to prepare 
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the rights, even content decryption for obtaining un-protected content. 

Figure 9 shows for a modified IPMP Architecture with REL-IPMP 
Control Graph processed. Compared to the Rights and Protection (IPMP 
Related) functions in Figure 6 and Figure 9, it is clear that there are many 
5 IPMP related functions missing in the prior art of Figure 2. Only the blocks in 
blue color in Figiure 6 which are the module 6.9 for REL Engine, module 6.10 
and 6.12 for License Manager, and module 6.11 for Conditions Processing, are 
introduced in the prior art as shown in Figure 2. Such function blocks are 
modide 2.1, module 2.4, and module 2.5 in Figure 2. 

10 As shown in Figure 9, Module 9.11 is added for parsing and processing 

IPMP Control Graph information, and the corresponding results are passed to 
License Manager in module 9.4, REL related data passed to REL Engine in 
module 9.1 after its integrity is checked, and content protection and 
watermarking information passed to DI iNstanace in module 9.3 for further 

15 processing. 

Decr3Tpting, watermarking, etc. in module 9,12, could be conducted in 
module 9.8 if such method is defined in DIME, or in module 9.9 if it is defined 
as one function of DIBO, or in module 9.10 if it is an external function. 

The line 9.14 is shown for the data flow firom REL-IPMP Control Graph 
20 processing module to REL Engine, and the line 9.15 is shown for the data flow 
firom REL-IPMP Control Graph processing module to NI iNstance. 

The line 9.16 is shown for the data flow fi-om License Manager to the 
un-protecting block in the module 9.12 for issuing a Hcense. 

Module 9.13 is for Event Reporting Engine which is placed in the same 
25 trusted domain compared to that in Figure 2. 

TR means Temper Resistance module to be used to protect License 
Manager operation and Condition Processing Operation. 
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Other modiiles have the similar meaning as explained in Figure 2. 
In Figure 10, Layout of Rights and Protection in IPMP Control Graph 
or REL-IPMP Control Graph is shown, where the content ID, the protected 
object's indicator, the protection flags, and the detail rights and conditions as 
5 well as the detail protection descriptions are placed and carried in this holder. 

(Effective of Invention) 

The invention is very effective when content is required to be protected 

with rights and conditions, especially such content can be in any data form and 
10 could be transmitted via various network. 

The invention is effective when such protection is required to associate 

with the protected content via content ID, especially such protection 

information is defined as a set of descriptions attached to the protected content 

using content ID, or DII in MPEG-21; 
15 The invention is effective when such protection is placed in a generic 

IPMP Control Graph holder or REL-IPMP Control Graph holder, which is clean 

and convenient for content creation, content distribution, as well as content 

consumption, and such holder could be carried in DID in MPEG-21 static file 

format or carried in SDP for RTP transmission, 
20 The invention is effective when each of the protection is indicated by 

ToolID so that both defined IPMP tool and external IPMP Tool can be used for 

flexibility, renewalbility and extensibihty. 

INDUSTRIAL APPLICABILITY 
25 The present invention relates to Digital Rights Management (DRM) or 

Intellectual Property Management and Protection (IPMP) for a generic digital 
content, especially relates to the protection and management of a digital content 
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independent of any data format. The invention is very effective when content is 
required to be protected with rights and conditions, especially such content can 
be in any data form and could be transmitted via various network. 



